CCX Duo Connector Support

About Us: CyberCX is Australia’s greatest force of cyber security. Our highly skilled professional services team operates a 24x7 on-shore security operations centre (SOC) servicing corporate and public sector organisations across Australia and New Zealand, specialising in Security Operations services leveraging Splunk. Description: The CCX Duo Connector Support Add-on for "Duo Splunk Connector" looks to provide a single field extraction bundle for Duo logs. This TA was built using a large dataset and endeavours to be the most CIM compliant comprehensive field extraction TA available for Duo logs ingested via Duo Splunk Connector API. Fully compatible with Splunk Enterprise and Splunk Cloud, built by an Ops team for Ops teams. Features: - This TA currently supports logtypes tagged under the following CIM datamodels: Authentication, Change, and Alert. - The CCX Duo Connector Support Add-on for "Duo Splunk Connector" (https://splunkbase.splunk.com/app/3504/) provides an additional sourcetype for selection ("duo") which replaces the use of default json by Splunk. *Please under "More settings" on "Duo Splunk Connector" setup select Set sourcetype to "duo" and proceed.